Trojan Acts like Carrier IQ Tool

Thursday, January 12, 2012 @ 03:01 PM gHale

A deceptive Android Trojan disguised as a tool to detect the controversial Carrier IQ software is really running up phone bills of smartphone users.

Called Android.Qicsomos by Symantec researchers, the Trojan is a version of an open source project designed to detect Carrier IQ, a diagnostic tool built into a host of smartphones from different carriers.

Carrier IQ sent the security world into an uproar when, in late November, a researcher discovered the software, designed to enhance consumers’ mobile experience, actually logs keystrokes, text messages and encrypted Web searches. Carrier IQ reps refuted the original claims the software harvests users’ personal data.

The weeklong drama, however, was enough to make Carrier IQ — and smartphone privacy — a hot issue. Knowing that, attackers can keep the new Qicsomos Trojan alive and spreading.

Qicsomos, which is currently affecting French Android customers, hides in an app called “Detecteur de Carrier IQ” and appears on devices with an icon similar to Orange, a major European telecom operator, researchers said. When the user notices the icon and presses “Désinstaller” (to uninstall Carrier IQ ), the Trojan goes to work sending four premium rate text messages, billing the smartphone owner, and then erases itself.

Symantec researchers said there is no trace of the phony app, “Detecteur de Carrier IQ 2.0.4,” in Google’s official Android App Market. They believe the app may be spreading through social engineering or phishing campaigns pretending to be from an official mobile carrier.

While Qicsomos is affecting French Android users, it’s possible the attackers could shift the battlefield to the U.S. In the event you come across unsolicited apps or emails promising software to detect or rid your phone of Carrier IQ, do not pursue the offers and never download any app that looks suspicious.